<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第190期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第190期）</strong></h5>
<blockquote> 2017/10/16-2017/10/22</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>ATM机即将沦陷，地下黑市正在出售ATM恶意软件<br><a target="_blank" href="http://www.4hou.com/info/news/8042.html">http://www.4hou.com/info/news/8042.html</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>WPA2加密协议已被破解！你还敢用WiFi吗？<br><a target="_blank" href="http://www.4hou.com/info/news/8018.html">http://www.4hou.com/info/news/8018.html</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>十九大报告中有关网安和信息化事业的内容<br><a target="_blank" href="https://mp.weixin.qq.com/s/DEKQ8zSFNXHrnhkhSmtmYw">https://mp.weixin.qq.com/s/DEKQ8zSFNXHrnhkhSmtmYw</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>上市网络安全公司2017年三季度业绩预告<br><a target="_blank" href="https://mp.weixin.qq.com/s/pd-9DCm-sCouRftXshY99A">https://mp.weixin.qq.com/s/pd-9DCm-sCouRftXshY99A</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>WPA2 协议漏洞让 Wi-Fi 流量能被攻击者监听<br><a target="_blank" href="http://www.solidot.org/story?sid=54135">http://www.solidot.org/story?sid=54135</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>UEBA能够检测的七大类安全风险<br><a target="_blank" href="https://mp.weixin.qq.com/s/okdYuSCbASLrtESh5KNO1A">https://mp.weixin.qq.com/s/okdYuSCbASLrtESh5KNO1A</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>机器学习&amp;数据分析在Web日志分析中的实践 <br><a target="_blank" href="http://blog.nsfocus.net/ml-data-web-logs-analysis/">http://blog.nsfocus.net/ml-data-web-logs-analysis/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span> Windows命令执行漏洞利用总结<br><a target="_blank" href="https://evi1cg.me/archives/remote_exec.html">https://evi1cg.me/archives/remote_exec.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>海洋CMS（SEACMS）v6.55执行任意代码漏洞及其补丁绕过方法<br><a target="_blank" href="http://blog.jowto.com/?p=278">http://blog.jowto.com/?p=278</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>信息安全领域有哪些非常棒的资源<br><a target="_blank" href="http://bar.freebuf.com/comment/9775">http://bar.freebuf.com/comment/9775</a></div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>FreeTalk深圳站看点回顾（附PPT下载）<br><a target="_blank" href="http://www.freebuf.com/fevents/150894.html">http://www.freebuf.com/fevents/150894.html</a></div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>Qcon2017上海「直击黑产」专题回顾<br><a target="_blank" href="http://www.freebuf.com/fevents/151169.html">http://www.freebuf.com/fevents/151169.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>符号执行：利用Angr进行简单CTF逆向分析<br><a target="_blank" href="http://www.freebuf.com/articles/web/150296.html">http://www.freebuf.com/articles/web/150296.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>信息安全实习和校招的面经、真题和资料<br><a target="_blank" href="https://github.com/SecYouth/sec-jobs">https://github.com/SecYouth/sec-jobs</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>wpa2  poc<br><a target="_blank" href="https://github.com/vanhoefm/krackattacks-test-ap-ft">https://github.com/vanhoefm/krackattacks-test-ap-ft</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>XSS测试备忘录<br><a target="_blank" href="http://momomoxiaoxi.com/2017/10/10/XSS/">http://momomoxiaoxi.com/2017/10/10/XSS/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>PHP+Mysql注入防护与绕过<br><a target="_blank" href="http://mp.weixin.qq.com/s/qwSS3d9H3_l6LXPheGdAZw">http://mp.weixin.qq.com/s/qwSS3d9H3_l6LXPheGdAZw</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>两款防火墙的注入绕过姿势<br><a target="_blank" href="https://secvul.com/topics/876.html">https://secvul.com/topics/876.html</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>2017世安杯CTF writeup详解<br><a target="_blank" href="http://www.freebuf.com/articles/rookie/150129.html">http://www.freebuf.com/articles/rookie/150129.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span> Poet：一款功能强大的后渗透工具 <br><a target="_blank" href="http://www.freebuf.com/sectool/150461.html">http://www.freebuf.com/sectool/150461.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>一款简单的Github信息泄露爬虫<br><a target="_blank" href="http://www.freebuf.com/articles/web/150638.html">http://www.freebuf.com/articles/web/150638.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>使用深度学习检测XSS(续)<br><a target="_blank" href="http://www.webber.tech/posts/%E4%BD%BF%E7%94%A8%E6%B7%B1%E5%BA%A6%E5%AD%A6%E4%B9%A0%E6%A3%80%E6%B5%8BXSS%28%E7%BB%AD%29/">http://www.webber.tech/posts/%E4%BD%BF%E7%94%A8%E6%B7%B1%E5%BA%A6%E5%AD%A6%E4%B9%A0%E6%A3%80%E6%B5%8BXSS%28%E7%BB%AD%29/</a></div><div class="single"><span id="tags">[杂志]&nbsp;&nbsp;</span>SecWiki周刊（第189期)<br><a target="_blank" href="https://www.sec-wiki.com/weekly/189">https://www.sec-wiki.com/weekly/189</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>WebUSB：一个网页是如何从你的手机中盗窃数据的（含PoC）<br><a target="_blank" href="http://www.freebuf.com/articles/web/150335.html">http://www.freebuf.com/articles/web/150335.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>XSS常见Paylaod分析-1<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/30346946">https://zhuanlan.zhihu.com/p/30346946</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>HACK.LU CTF 2017 Web Write-up<br><a target="_blank" href="http://momomoxiaoxi.com/2017/10/19/hackluCTF/">http://momomoxiaoxi.com/2017/10/19/hackluCTF/</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>实时监控1000家中国企业的新闻动态<br><a target="_blank" href="https://github.com/NolanZhao/news_feed">https://github.com/NolanZhao/news_feed</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>B站日志系统的前世今生<br><a target="_blank" href="https://mp.weixin.qq.com/s/onrBwQ0vyLJYWD_FRnNjEg">https://mp.weixin.qq.com/s/onrBwQ0vyLJYWD_FRnNjEg</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>OSINTforPenTests  渗透者的开源情报搜集<br><a target="_blank" href="https://github.com/g-solaria/OSINTforPenTests/blob/master/OSINTforPenTests.pdf">https://github.com/g-solaria/OSINTforPenTests/blob/master/OSINTforPenTests.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Mysql约束攻击<br><a target="_blank" href="https://ch1st.github.io/2017/10/19/Mysql%E7%BA%A6%E6%9D%9F%E6%94%BB%E5%87%BB/">https://ch1st.github.io/2017/10/19/Mysql%E7%BA%A6%E6%9D%9F%E6%94%BB%E5%87%BB/</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Aktaion - 用于研究 Exploit 和钓鱼检测的开源机器学习工具和样本<br><a target="_blank" href="https://github.com/jzadeh/Aktaion">https://github.com/jzadeh/Aktaion</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>IE 11浏览器0day漏洞（CVE-2015-2425）UAF分析<br><a target="_blank" href="http://www.freebuf.com/vuls/151019.html">http://www.freebuf.com/vuls/151019.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>蜜罐与内网安全从0到1（三）<br><a target="_blank" href="https://sosly.me/index.php/2017/10/15/jymiguan3/">https://sosly.me/index.php/2017/10/15/jymiguan3/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>互联网企业安全建设之路规划篇<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/2233.html">https://xianzhi.aliyun.com/forum/read/2233.html</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>使用威胁情报追踪攻击者—Part 3 使用威胁情报调查攻击者<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/30197024?group_id=903658683733594112">https://zhuanlan.zhihu.com/p/30197024?group_id=903658683733594112</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>SGX侧信道攻击综述<br><a target="_blank" href="http://www.freebuf.com/articles/system/149551.html">http://www.freebuf.com/articles/system/149551.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>代码审计|变量覆盖漏洞<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-28103-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-28103-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SQLMAP Tamper Scripts for The Win<br><a target="_blank" href="https://pen-testing.sans.org/blog/2017/10/13/sqlmap-tamper-scripts-for-the-win">https://pen-testing.sans.org/blog/2017/10/13/sqlmap-tamper-scripts-for-the-win</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Java反序列化漏洞从理解到实践<br><a target="_blank" href="http://www.freebuf.com/articles/web/149931.html">http://www.freebuf.com/articles/web/149931.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>MIDA-Multitool: 脚本集合(系统枚举,漏洞验证,权限提升)<br><a target="_blank" href="https://github.com/NullArray/MIDA-Multitool">https://github.com/NullArray/MIDA-Multitool</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>lucky-js-fuzz: 开源jsfuzzer<br><a target="_blank" href="https://github.com/blastxiang/lucky-js-fuzz">https://github.com/blastxiang/lucky-js-fuzz</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Nmap插件编写之MySQL入库<br><a target="_blank" href="http://www.freebuf.com/articles/network/150613.html">http://www.freebuf.com/articles/network/150613.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>IoT_reaper : 一个正在快速扩张的新 IoT 僵尸网络<br><a target="_blank" href="http://blog.netlab.360.com/iot-reaper-a-quick-summary-of-a-rapid-spreading-new-iot-botnet/">http://blog.netlab.360.com/iot-reaper-a-quick-summary-of-a-rapid-spreading-new-iot-botnet/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>iOS 应用安全分析工具 Passionfruit<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/29761306">https://zhuanlan.zhihu.com/p/29761306</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>代码审计之gxlcms <br><a target="_blank" href="http://foreversong.cn/archives/736">http://foreversong.cn/archives/736</a></div><div class="single"><span id="tags">[视频]&nbsp;&nbsp;</span>2017杭州云栖大会视频<br><a target="_blank" href="https://yunqi.aliyun.com/2017/hangzhou/videos?spm=a21cy.10467250.880280.455.v4ewXd&amp;wh_ttid=pc#/video/222">https://yunqi.aliyun.com/2017/hangzhou/videos?spm=a21cy.10467250.880280.455.v4ewXd&amp;wh_ttid=pc#/video/222</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Assemblyline-开源的恶意程序分析工具 <br><a target="_blank" href="https://bitbucket.org/cse-assemblyline/assemblyline/src">https://bitbucket.org/cse-assemblyline/assemblyline/src</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>关于 JNDI 注入<br><a target="_blank" href="https://mp.weixin.qq.com/s/YeskekfkHhHH4kA-02W7Yg">https://mp.weixin.qq.com/s/YeskekfkHhHH4kA-02W7Yg</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>实战Teensy烧录渗透测试U盘<br><a target="_blank" href="http://www.freebuf.com/sectool/150367.html">http://www.freebuf.com/sectool/150367.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>基于Openresty实现业务安全防护<br><a target="_blank" href="http://www.freebuf.com/vuls/150571.html">http://www.freebuf.com/vuls/150571.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>网络空间靶场能力建设·技术沙龙<br><a target="_blank" href="https://mp.weixin.qq.com/s/YyGiYORwk78SKRk_oLe0Xg">https://mp.weixin.qq.com/s/YyGiYORwk78SKRk_oLe0Xg</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>使用威胁情报追踪攻击者-Part 2 高级威胁事件分析与防御矩阵<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/30160133?group_id=903290560648015872">https://zhuanlan.zhihu.com/p/30160133?group_id=903290560648015872</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>BlackOasis APT 和利用 0day 漏洞的新目标攻击<br><a target="_blank" href="https://paper.seebug.org/418/">https://paper.seebug.org/418/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Wiping Out CSRF – Joe Rozner – Medium<br><a target="_blank" href="https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f">https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Blazy: a modern login brute forcer, CSRF, Clickjacking, Cloudflare and WAF<br><a target="_blank" href="https://github.com/UltimateHackers/Blazy">https://github.com/UltimateHackers/Blazy</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>如何用一种最简单的方式分析恶意软件<br><a target="_blank" href="http://www.4hou.com/web/8053.html">http://www.4hou.com/web/8053.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Browser UI Security 技术白皮书<br><a target="_blank" href="https://paper.seebug.org/papers/Archive/Browser%20UI%20Security%20%E6%8A%80%E6%9C%AF%E7%99%BD%E7%9A%AE%E4%B9%A6.pdf">https://paper.seebug.org/papers/Archive/Browser%20UI%20Security%20%E6%8A%80%E6%9C%AF%E7%99%BD%E7%9A%AE%E4%B9%A6.pdf</a></div><div class="single"><span id="tags">[论文]&nbsp;&nbsp;</span>RAID 2017 论文列表(Research in Attacks, Intrusions, and Defense)<br><a target="_blank" href="https://link.springer.com/book/10.1007/978-3-319-66332-6">https://link.springer.com/book/10.1007/978-3-319-66332-6</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>BlackOasis APT and new targeted attacks leveraging zero-day exploit<br><a target="_blank" href="https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/">https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>How i found an SSRF in Yahoo! Guesthouse (Recon Wins)<br><a target="_blank" href="https://medium.com/@th3g3nt3l/how-i-found-an-ssrf-in-yahoo-guesthouse-recon-wins-8722672e41d4">https://medium.com/@th3g3nt3l/how-i-found-an-ssrf-in-yahoo-guesthouse-recon-wins-8722672e41d4</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>subjack: Hostile Subdomain Takeover tool written in Go<br><a target="_blank" href="https://github.com/haccer/subjack">https://github.com/haccer/subjack</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>SAP_vulnerabilities: DoS exploits for SAP products<br><a target="_blank" href="https://github.com/vah13/SAP_vulnerabilities">https://github.com/vah13/SAP_vulnerabilities</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>open-redirect-scanner: open redirect subdomains scanner<br><a target="_blank" href="https://github.com/ak1t4/open-redirect-scanner">https://github.com/ak1t4/open-redirect-scanner</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>如何利用Chrome扩展执行恶意操作<br><a target="_blank" href="http://www.4hou.com/web/7996.html">http://www.4hou.com/web/7996.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>nsearch: minimal script to help find script into the nse database<br><a target="_blank" href="https://github.com/JKO/nsearch">https://github.com/JKO/nsearch</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>用Sysmon进行威胁狩猎：发现具有宏的Word文档<br><a target="_blank" href="http://www.4hou.com/web/8084.html">http://www.4hou.com/web/8084.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>专治复制粘贴癌症患者的Pastejacking<br><a target="_blank" href="http://www.4hou.com/web/8005.html">http://www.4hou.com/web/8005.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>awesome-yara: A curated list of awesome YARA rules, tools, and people<br><a target="_blank" href="https://github.com/InQuest/awesome-yara">https://github.com/InQuest/awesome-yara</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Pandora’s Box: Auditing for DDoS Vulnerabilities, Part II<br><a target="_blank" href="https://blog.radware.com/security/2017/10/auditing-ddos-vulnerabilities-2/">https://blog.radware.com/security/2017/10/auditing-ddos-vulnerabilities-2/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>利用Mimikatz和Powersploit导出证书与绕过杀毒软件<br><a target="_blank" href="https://insinuator.net/2017/10/extract-non-exportable-certificates-and-evade-anti-virus-with-mimikatz-and-powersploit/">https://insinuator.net/2017/10/extract-non-exportable-certificates-and-evade-anti-virus-with-mimikatz-and-powersploit/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>The Cyber Vault Project | National Security Archive<br><a target="_blank" href="http://nsarchive.gwu.edu/project/cyber-vault-project">http://nsarchive.gwu.edu/project/cyber-vault-project</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Hacking Bluetooth Smart Locks - workshop<br><a target="_blank" href="https://smartlockpicking.com/slides/BruCON0x09_2017_Hacking_Bluetooth_Smart_locks.pdf">https://smartlockpicking.com/slides/BruCON0x09_2017_Hacking_Bluetooth_Smart_locks.pdf</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Browser security beyond sandboxing<br><a target="_blank" href="https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond-sandboxing/">https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond-sandboxing/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Typical bank trojan reversed (detailed) [PDF]<br><a target="_blank" href="http://www.blackstormsecurity.com/docs/FOAATTB.pdf">http://www.blackstormsecurity.com/docs/FOAATTB.pdf</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>The Stony Path of Android <br><a target="_blank" href="https://blog.it-securityguard.com/the-stony-path-of-android-%F0%9F%A4%96-bug-bounty-bypassing-certificate-pinning/">https://blog.it-securityguard.com/the-stony-path-of-android-%F0%9F%A4%96-bug-bounty-bypassing-certificate-pinning/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Broken Link Hijacking - How expired links can be exploited.<br><a target="_blank" href="https://edoverflow.com/2017/broken-link-hijacking/">https://edoverflow.com/2017/broken-link-hijacking/</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全专题</strong>
    </div><div class="single">20类252个顶级侦探必备查询网址汇总<br><a target="_blank" href="https://www.sec-wiki.com/topic/79">https://www.sec-wiki.com/topic/79</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/190">SecWiki周刊(第190期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
